I’am doing my program and i need login and register system. My register system is working but login not.
I have done register system
x
SqlConnection sqlCon = new SqlConnection("Data Source = (LocalDB)\MSSQLLocalDB; Initial Catalog = ConnectionDb; Integrated Security = True");SqlDataAdapter sda = new SqlDataAdapter("Select Count(*) From UsersConfig where Email='" + textBox1.Text.Trim() + "' and Password='" + textBox2.Text.Trim() + "'", sqlCon);DataTable dtbl = new DataTable();sda.Fill(dtbl);if (dtbl.Rows[0][0].ToString() == "1"){ SqlConnection sqlConn = new SqlConnection("Data Source = (LocalDB)\MSSQLLocalDB; Initial Catalog = ConnectionDb; Integrated Security = True"); SqlDataAdapter sdaa = new SqlDataAdapter("Select Count(*) From UsersConfig where Email='" + textBox1.Text.Trim() + "' and Password='" + textBox2.Text.Trim() + "' and AdminYes='" + "1" + "'", sqlConn); DataTable dtbll = new DataTable(); sdaa.Fill(dtbll); if (dtbll.Rows[0][0].ToString() == "1") { MessageBox.Show("Has admin"); Form adminpanel = new AdminPanel(); adminpanel.Show(); this.Hide(); } else { MessageBox.Show("Hasn't got admin"); }}else{ MessageBox.Show("Not working!");}I don’t have error message
Advertisement
Answer
The suggestions from the comments above and the Microsoft link would change the code to be something like this below. Also, using parameters instead of building the string manually is HIGHLY recommended as building the SQL string can lead to SQL injection security vulnerabilities.
NOTE: I do not think this will fix the error you are having, but it may help find the issue.
string connectionString = "Data Source = (LocalDB)\MSSQLLocalDB; Initial Catalog = ConnectionDb; Integrated Security = True";using (SqlConnection sqlCon = new SqlConnection(connectionString)){ string email = textBox1.Text.Trim(); string pwd = textBox2.Text.Trim(); //NOTE: passwords shouldn't be stored in plain text. //There should be an hashing step here like: pwd = MyCustomPasswordHasher(email, pwd); string sql = "Select [AdminYes] From UsersConfig where Email=@user and Password=@password"; SqlCommand command = new SqlCommand(sql, sqlCon); command.Parameters.AddWithValue("@user", email); command.Parameters.AddWithValue("@password", pwd); try { command.Connection.Open(); object result = command.ExecuteScalar(); if (result == null) { MessageBox.Show("Invalid credentials!"); } else if (result.ToString() == "1") { MessageBox.Show("Has admin"); Form adminpanel = new AdminPanel(); adminpanel.Show(); this.Hide(); } else { MessageBox.Show("Hasn't got admin"); } } catch (SqlException ex) { MessageBox.Show("Database errors!"); }}